Detecting Botnets Through Log Correlation

| Main Authors: | Al-Hammadi, Yousof; Aickelin, Uwe |
|---|---|
| Format: | Conference or Workshop Item |
| Published: | 2006 |
| Published in: | Proceedings of the Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006), Tuebingen, Germany |
| Online Access: | https://eprints.nottingham.ac.uk/595/ |
| id | nottingham-595 |
|---|---|
| author | Al-Hammadi, Yousof; Aickelin, Uwe |
| title | Detecting Botnets Through Log Correlation |
| description | Botnets, which consist of thousands of compromised machines, pose a significant threat to other systems by launching Distributed Denial of Service attacks, keylogging, and backdoors. In response to this threat, new effective techniques are needed to detect the presence of botnets. In this paper, we have used an interception technique to monitor Windows Application Programming Interface system calls made by communication applications. Existing approaches for botnet detection are based on finding bot traffic patterns. Our approach does not depend on finding patterns but rather monitors the change of behaviour in the system. In addition, we will present our idea of detecting botnets based on log correlations from different hosts. |
| format | Conference or Workshop Item |
| status | Peer reviewed |
| publishDate | 2006 |
| citation | Al-Hammadi, Yousof and Aickelin, Uwe (2006) Detecting Botnets Through Log Correlation. In: Proceedings of the Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006), Tuebingen, Germany. |
| repository | Nottingham Research Data Repository |
| institution | University of Nottingham Malaysia Campus |
| url | https://eprints.nottingham.ac.uk/595/ |
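The abstract describes two ideas: hooking the Windows API calls made by communication applications on each host and watching for a change of behaviour rather than a fixed traffic pattern, and then correlating the resulting logs across hosts. The following Python is an added illustration of the second step and is not code from the paper; the authors' hooking mechanism, log format and decision rules are not given on this page. It assumes a hypothetical one-event-per-line log written by a per-host hooking agent (`<ISO timestamp> <host> <process> <api_call> <argument>`), an assumed set of "behaviour" APIs (`GetAsyncKeyState`, `CreateProcessA/W`, `send`), and assumed time windows; the sample log lines are constructed.

```python
"""Cross-host correlation of hooked Windows API call logs.

Added illustration, not code from the paper. Assumed log format (one event
per line, written by a hypothetical API-hooking agent on each host):
    <ISO timestamp> <host> <process> <api_call> <argument>
Bot-like behaviour is modelled as: a process receives data from a remote
server and, shortly afterwards, calls a keylogging, process-creation or
network-send API aimed at a different destination. The same behaviour seen
on several hosts at about the same time is reported as a botnet candidate.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real data): hostA and hostB react alike after
# receiving from the same IRC server; hostC is an ordinary IRC user.
SAMPLE_LOGS = """\
2006-09-28T10:00:01 hostA mirc.exe recv irc.example.net:6667
2006-09-28T10:00:02 hostA mirc.exe GetAsyncKeyState -
2006-09-28T10:00:03 hostA mirc.exe send 203.0.113.10:80
2006-09-28T10:00:01 hostB mirc.exe recv irc.example.net:6667
2006-09-28T10:00:02 hostB mirc.exe GetAsyncKeyState -
2006-09-28T10:00:04 hostB mirc.exe send 203.0.113.10:80
2006-09-28T10:00:05 hostC mirc.exe recv irc.example.net:6667
2006-09-28T10:00:06 hostC mirc.exe send irc.example.net:6667
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")

# Assumed set of API calls that, following a recv, indicate command-driven behaviour.
BEHAVIOUR_APIS = {"GetAsyncKeyState", "CreateProcessA", "CreateProcessW", "send"}


def parse_logs(text):
    """Parse log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, host, proc, api, arg = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "proc": proc, "api": api, "arg": arg})
    return events


def host_signatures(events, window=timedelta(seconds=5)):
    """Per host: {(command_source, follow_up_api, follow_up_arg): first time seen}.

    A signature is recorded when a process receives from command_source and,
    within `window`, the same process makes a behaviour API call. A send back
    to the very same server is ordinary client traffic and is ignored.
    """
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    sigs = defaultdict(dict)
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["api"] != "recv":
                continue
            for f in evs[i + 1:]:
                if f["ts"] - e["ts"] > window:
                    break  # events are sorted, nothing later can be in the window
                if f["proc"] != e["proc"] or f["api"] not in BEHAVIOUR_APIS:
                    continue
                if f["api"] == "send" and f["arg"] == e["arg"]:
                    continue
                sigs[host].setdefault((e["arg"], f["api"], f["arg"]), f["ts"])
    return dict(sigs)


def correlate(sigs, min_hosts=2, cross_window=timedelta(seconds=60)):
    """Group hosts showing the same signature within cross_window of each other.

    Returns {signature: [sorted host list, ...]}, keeping only groups of at
    least min_hosts; a lone host reacting hours later forms its own group and
    is dropped rather than spoiling the cluster of synchronised hosts.
    """
    by_sig = defaultdict(list)
    for host, sd in sigs.items():
        for sig, ts in sd.items():
            by_sig[sig].append((ts, host))
    candidates = {}
    for sig, seen in by_sig.items():
        seen.sort()
        groups, group = [], []
        for ts, host in seen:
            if group and ts - group[0][0] > cross_window:
                groups.append(group)
                group = []
            group.append((ts, host))
        groups.append(group)
        clusters = [sorted(h for _, h in g) for g in groups if len(g) >= min_hosts]
        if clusters:
            candidates[sig] = clusters
    return candidates


def detect(text):
    """Full pipeline: parse -> per-host behaviour signatures -> cross-host correlation."""
    return correlate(host_signatures(parse_logs(text)))


if __name__ == "__main__":
    for (source, api, arg), clusters in detect(SAMPLE_LOGS).items():
        for hosts in clusters:
            print(f"{', '.join(hosts)}: after recv from {source}, called {api} {arg}")
```

On the constructed sample, hostA and hostB are reported together for both the keylogging call and the outbound send to a third party, while hostC, which only replies to the IRC server it received from, produces no signature at all. The per-host step deliberately does not match on payload or traffic shape; it flags the change in what the communication process does after receiving data, which is the behavioural angle the abstract contrasts with traffic-pattern matching, and the cross-host step is what turns several individually weak signals into a botnet candidate.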